Add SFP port mode to brocade plugin #6062

Open
rmorandell-pgum wants to merge 6 commits into centreon:develop from i-Vertix:brocade-sfp-ports

rmorandell-pgum commented Mar 20, 2026

Community contributors

Description

The plugin has been extended to include a --list-sfp-ports mode and a --sfp-port option.

In addition, the standard SNMP modes --tcp-con, --udp-con, and --uptime have been added.

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How this pull request can be tested ?

The walk is from an ExtremeSLX9640 switch but is based on the brocade MIBs .1.3.6.1.4.1.1588.

BROCADE-OPTICAL-MONITORING-MIB.mib.txt.

extremeSLX.-brocadesnmpwalk.txt.zip

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • I have provided data or shown output displaying the result of this code in the plugin area concerned.

Centreon team (internal PR)

Description

PLEASE MAKE SURE THAT THE BRANCH PR INCLUDES JIRA TICKET ID

Please include a short resume of the changes and what is the purpose of this pull request.
Any relevant information should be added to help reviewers to understand what are the stakes
of the pull request.

Fixes # (issue)
If you are fixing a github Issue already existing, mention it here.
If you are fixing one or more JIRA ticket, mention it here too.

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How this pull request can be tested ?

Please describe the procedure to verify that the goal of the PR is matched.
Provide clear instructions so that it can be correctly tested.
Mention the automated tests included in this FOR (what they test like mode/option combinations).

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • In case of a new plugin, I have created the new packaging directory accordingly.
  • I have implemented automated tests related to my commits.
    • Data used for automated tests are anonymized.
  • I have reviewed all the help messages in all the .pm files I have modified.
    • All sentences begin with a capital letter.
    • All sentences end with a period.
    • I am able to understand all the help messages, if not, exchange with the PO or TW to rewrite them.
  • After having created the PR, I will make sure that all the tests provided in this PR have run and passed.

Summary by Aikido

Security Issues: 0 🔍 Quality Issues: 1 Resolved Issues: 0

🚀 New Features

  • Added SFP port monitoring mode and SFP ports listing mode.

⚡ Enhancements

  • Added standard SNMP modes tcp-con, udp-con, and uptime.
  • Extended list-sfp-ports to include TX and RX power status.
  • Introduced statefile-based caching to reduce SNMP requests.

🔧 Refactors

  • Improved performance for interface name loading during discovery.
  • Refactored help and output formatting across new SFP modes.


rmorandell-pgum requested a review from a team as a code owner April 9, 2026 13:06
rmorandell-pgum requested a review from omercier April 9, 2026 13:06
if (defined($self->{option_results}->{display_transform_src})) {
$self->{option_results}->{display_transform_dst} = '' if (!defined($self->{option_results}->{display_transform_dst}));

$self->{safe}->reval("\$assign_var =~ s{$self->{option_results}->{display_transform_src}}{$self->{option_results}->{display_transform_dst}}",
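
Review bot: on the `reval` line, `display_transform_src` is only checked with `defined` before it is placed into the `s{...}{...}` source string, so an invalid pattern or an unbalanced brace in either option changes how the evaluated statement parses instead of producing a clear option error. Compile the pattern once with `qr//` inside an `eval {}` during option checking, report a usage error on failure, and apply the substitution with the compiled regex and the destination held in a plain variable, so that neither option value becomes Perl source.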
User-controlled display_transform_src/dst are interpolated into a string passed to Safe->reval, enabling code/regex injection. Avoid constructing/evaluating code from untrusted options.

Details

✨ AI Reasoning
The code builds a Perl substitution expression using user-provided options display_transform_src and display_transform_dst, then executes it via Safe->reval. This composes executable code strings from external input, which can lead to code injection or unexpected execution. Safe limits some operations but does not eliminate risks of crafted regular expressions or evaluation payloads that can alter program behavior. The problematic change is the addition of dynamic evaluation in get_display_value, which introduces a new execution path for untrusted input. This finding is directly tied to the changed lines where reval is invoked.

🔧 How do I fix it?
Use parameterized queries with placeholders, array-based command execution (no shell interpretation), or properly escaped arguments using vetted libraries. Avoid dynamic queries/commands built with user input concatenation.

Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
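
One way to apply the display transform without evaluating a string built from the options, shown as an added example in Perl (it is not code from this PR or from the centreon-plugins project). The helper name `apply_display_transform` and the sample interface names and option values are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not taken from the PR: applies the display transform
# while treating both option values as data instead of Perl source.
sub apply_display_transform {
    my ($value, $src, $dst) = @_;
    return $value if !defined($src) || $src eq '';
    $dst = '' if !defined($dst);

    # Compile the pattern as a regex object. Without "use re 'eval'", Perl
    # refuses (?{ ... }) code blocks in a pattern interpolated at run time.
    my $re = eval { qr/$src/ };
    die "Invalid display-transform-src pattern: $@" if !defined($re);

    return $value if $value !~ $re;

    # Record the match offsets and capture groups before any other regex runs.
    my ($start, $end) = ($-[0], $+[0]);
    my @cap = map {
        defined($-[$_]) ? substr($value, $-[$_], $+[$_] - $-[$_]) : ''
    } 0 .. $#-;

    # Expand only $1..$9 in the replacement; everything else stays literal.
    (my $out = $dst) =~ s/\$([1-9])/defined($cap[$1]) ? $cap[$1] : ''/ge;

    # Replace the first match only, like s{}{} without /g.
    substr($value, $start, $end - $start, $out);
    return $value;
}

# Constructed sample inputs: [interface name, src option, dst option].
my @samples = (
    ['Ethernet 0/12',  '^Ethernet (\d+)/(\d+)$', 'eth$1-$2'],
    ['TenGigabit 0/3', 'TenGigabit',             'Te'],
    ['Ethernet 0/1',   'Ethernet',               '$ENV{HOME}'],  # stays literal text
);
for my $s (@samples) {
    printf "%-16s -> %s\n", $s->[0], apply_display_transform(@$s);
}

# An invalid pattern is reported as an error instead of reaching an evaluator.
my $ok = eval { apply_display_transform('Ethernet 0/1', '(unclosed', 'x'); 1 };
print "rejected: $@" if !$ok;
```

Compiling the pattern as data removes the code-evaluation path; it does not bound how long a pathological pattern takes to match.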